authorOnkar Shinde <onkar.shinde@ittiam.com>2024-05-24 13:29:32 +0530
committerOnkar Shinde <onkar.shinde@ittiam.com>2024-05-28 09:20:29 +0530
commit6bbaeac9d96a8e8bd5d8a276e0182754ad0c8dc4 (patch)
tree59c47e7c431bc8142ab8fbd8203bf953924fdb88
parente589fe4031bb4ab39e74cbc38897c4af60250eaf (diff)
downloadextras-6bbaeac9d96a8e8bd5d8a276e0182754ad0c8dc4.tar.gz
Refactor libsimpleperf_report_fuzzer
The following are updates to the fuzzer: 1. Added new APIs and randomized API calls. 2. Added dictionary to create a valid RecordFileReader Test: ./libsimpleperf_report_fuzzer corpus/ exec/s: 165 Bug: 342518657 Change-Id: If80b3bf9b41b30e47148f02ebe75aa9b70e6b0c5
-rw-r--r--simpleperf/Android.bp1
-rw-r--r--simpleperf/libsimpleperf_report_fuzzer.cpp97
-rw-r--r--simpleperf/simpleperf_dict.dict1
3 files changed, 71 insertions, 28 deletions
diff --git a/simpleperf/Android.bp b/simpleperf/Android.bp
index 4ebc0ed2..deb053c8 100644
--- a/simpleperf/Android.bp
+++ b/simpleperf/Android.bp
@@ -753,5 +753,6 @@ cc_fuzz {
enabled: false,
},
},
+ dictionary: "simpleperf_dict.dict",
corpus: ["testdata/**/*.data"],
}
diff --git a/simpleperf/libsimpleperf_report_fuzzer.cpp b/simpleperf/libsimpleperf_report_fuzzer.cpp
index f448af87..3656be60 100644
--- a/simpleperf/libsimpleperf_report_fuzzer.cpp
+++ b/simpleperf/libsimpleperf_report_fuzzer.cpp
@@ -1,46 +1,87 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
-#include <android-base/file.h>
-
+#include <record_file.h>
#include "command.h"
-#include "report_lib_interface.cpp"
+#include "fuzzer/FuzzedDataProvider.h"
#include "test_util.h"
using namespace simpleperf;
+using namespace std;
+using namespace android;
-namespace {
-
-class CommandRegister {
+class SimplePerfReportFuzzer {
public:
- CommandRegister() { RegisterDumpRecordCommand(); }
-};
-
-CommandRegister command_register;
-
-void TestReportLib(const char* record_file) {
- ReportLib* report_lib = CreateReportLib();
- SetRecordFile(report_lib, record_file);
- while (true) {
- Sample* sample = GetNextSample(report_lib);
- if (sample == nullptr) {
- break;
- }
+ SimplePerfReportFuzzer(const uint8_t* data, size_t size) : mFdp(data, size) {
+ /**
+ * Use maximum of 80% of buffer to write in FD and save at least 20% for fuzzing other APIs
+ */
+ const int32_t dataSize = mFdp.ConsumeIntegralInRange<int32_t>(0, (size * 80) / 100);
+ std::vector<uint8_t> dataPointer = mFdp.ConsumeBytes<uint8_t>(dataSize);
+ android::base::WriteFully(mTempfile.fd, dataPointer.data(), dataPointer.size());
+ RegisterDumpRecordCommand();
}
- DestroyReportLib(report_lib);
-}
+ void process();
-void TestDumpCmd(const char* record_file) {
+ private:
+ FuzzedDataProvider mFdp;
+ TemporaryFile mTempfile;
+ void TestDumpCmd();
+};
+
+void SimplePerfReportFuzzer::TestDumpCmd() {
std::unique_ptr<Command> dump_cmd = CreateCommandInstance("dump");
CaptureStdout capture;
capture.Start();
- dump_cmd->Run({"-i", record_file, "--dump-etm", "raw,packet,element"});
+ dump_cmd->Run({"-i", mTempfile.path, "--dump-etm", "raw,packet,element"});
}
-} // namespace
+void SimplePerfReportFuzzer::process() {
+ std::unique_ptr<RecordFileReader> reader = RecordFileReader::CreateInstance(mTempfile.path);
+ if (!reader.get()) {
+ return;
+ }
+ while (mFdp.remaining_bytes()) {
+ auto InvokeReader = mFdp.PickValueInArray<const std::function<void()>>({
+ [&]() { reader->ReadCmdlineFeature(); },
+ [&]() { reader->ReadBuildIdFeature(); },
+ [&]() { reader->ReadFeatureString(mFdp.ConsumeIntegral<int32_t>() /* feature */); },
+ [&]() {
+ vector<uint8_t> buf;
+ bool error;
+ reader->ReadAuxData(mFdp.ConsumeIntegral<uint32_t>() /* cpu */,
+ mFdp.ConsumeIntegral<uint64_t>() /* aux_offset */,
+ mFdp.ConsumeIntegral<size_t>() /* size */, buf, error);
+ },
+ [&]() { reader->ReadDebugUnwindFeature(); },
+ [&]() { reader->DataSection(); },
+ [&]() {
+ ThreadTree thread_tree;
+ reader->LoadBuildIdAndFileFeatures(thread_tree);
+ },
+ });
+ InvokeReader();
+ }
+ TestDumpCmd();
+ reader->Close();
+}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- TemporaryFile tmpfile;
- android::base::WriteFully(tmpfile.fd, data, size);
- TestReportLib(tmpfile.path);
- TestDumpCmd(tmpfile.path);
+ SimplePerfReportFuzzer simplePerfReportFuzzer(data, size);
+ simplePerfReportFuzzer.process();
return 0;
}
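Review bot: The early `return` in process() at `if (!reader.get())` now skips TestDumpCmd(), so any input that RecordFileReader rejects never reaches the dump command, whereas the replaced LLVMFuzzerTestOneInput ran TestDumpCmd on every input; the dump command's own handling of malformed files is therefore no longer fuzzed. Running it in the null branch restores that coverage: `if (!reader) { TestDumpCmd(); return; }`. In the ReadAuxData lambda the `size` argument is an unbounded `ConsumeIntegral<size_t>()`; if ReadAuxData sizes `buf` from it before checking it against the file, that yields allocation-failure reports rather than useful findings, so bounding it (e.g. `ConsumeIntegralInRange<size_t>(0, kMaxAuxSize)`, constant to be chosen) is safer. `bool error;` in the same lambda is uninitialized and never read; `bool error = false;` avoids a spurious uninitialized-read report should ReadAuxData return without setting it. The file-scope `using namespace std;` / `using namespace android;` are a style point: the file still writes `std::vector` and `android::base::WriteFully` explicitly, so the directives add only ambiguity.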
diff --git a/simpleperf/simpleperf_dict.dict b/simpleperf/simpleperf_dict.dict
new file mode 100644
index 00000000..672bceac
--- /dev/null
+++ b/simpleperf/simpleperf_dict.dict
@@ -0,0 +1 @@
+kw1="PERFILE2"
\ No newline at end of file